recentpopularlog in

jonerp : coming   9

Wawa Breach May Have Compromised More Than 30 Million Payment Cards
"In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach."
data  breaches  the  coming  storm  bebe  stores  breach  buca  di  beppo  gemini  advisory  hilton  hotels  joker's  stash  krystal  mastercard  mcalister's  deli  moe's  scholtzsky's 
10 weeks ago by jonerp
The Hidden Cost of Ransomware: Wholesale Password Theft
"Christianson said several factors stopped the painful Ryuk ransomware attack from morphing into a company-ending event. For starters, she said, an employee spotted suspicious activity on their network in the early morning hours of Saturday, Nov. 16. She said that employee then immediately alerted higher-ups within VCPI, who ordered a complete and immediate shutdown of the entire network."
a  little  sunshine  ransomware  the  coming  storm  alex  holden  hold  security  karen  christianson  mark  schafer  ryuk  sva  consulting  vcpi 
january 2020 by jonerp
Ransomware Gangs Now Outing Victim Businesses That Don’t Pay Up
"As if the scourge of ransomware wasn’t bad enough already: Several prominent purveyors of ransomware have signaled they plan to start publishing data stolen from victims who refuse to pay up. To make matters worse, one ransomware gang has now created a public Web site identifying recent victim companies that have chosen to rebuild their operations instead of quietly acquiescing to their tormentors."
ransomware  the  coming  storm  bleepingcomputer  lawrence  abrams  maze  revil  sodinokibi 
december 2019 by jonerp
What We Can Learn from the Capital One Hack
"“SSRF has become the most serious vulnerability facing organizations that use public clouds,” Johnson wrote. “The impact of SSRF is being worsened by the offering of public clouds, and the major players like AWS are not doing anything to fix it. The problem is common and well-known, but hard to prevent and does not have any mitigations built into the AWS platform.”

Johnson said AWS could address this shortcoming by including extra identifying information in any request sent to the metadata service, as Google has already done with its cloud hosting platform. He also acknowledged that doing so could break a lot of backwards compatibility within AWS."
a  little  sunshine  data  breaches  the  coming  storm  apache  capital  one  breach  cloudflare  disruptops  evan  johnson  metadata  service  modsecurity  rich  mogull  server  side  request  forgery 
august 2019 by jonerp
P2P Weakness Exposes Millions of IoT Devices
"But according to an in-depth analysis shared with KrebsOnSecurity by security researcher Paul Marrapese, iLnkP2P devices offer no authentication or encryption and can be easily enumerated, allowing potential attackers to establish a direct connection to these devices while bypassing any firewall restrictions."
latest  warnings  the  coming  storm  hichip  ilnkp2p  p2p  paul  marrapese  shenzhen  yunni  technology  udp  hole  punching  upnp 
april 2019 by jonerp
A Deep Dive on the Recent Widespread DNS Hijacking Attacks
"The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers."
a  little  sunshine  data  breaches  the  coming  storm  apnic  bill  woodcock  cisco  talos  comodo  crowdstrike  dhs  dnspionage  dnssec  epp 
february 2019 by jonerp
When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?
"Last week, I was on a train from New York to Washington, D.C. when I received a phone call from Vinny Troia, a security researcher who runs a startup in Missouri called NightLion Security. Troia had discovered that All American Entertainment, a speaker bureau which represents a number of celebrities who also can be hired to do public speaking, had exposed thousands of speaking contracts via an unsecured Amazon cloud instance."
a  little  sunshine  data  breaches  ne'er-do-well  news  the  coming  storm  all  american  entertainment  angellist  apollo  arnie  exactis  facebook  kickass  linkedin 
october 2018 by jonerp
Voice Phishing Scams Are Getting More Clever
"Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. Think you’re too smart to fall for one? Think again: Even technology experts are getting taken in by some of the more recent schemes (or very nearly)."
a  little  sunshine  latest  warnings  the  coming  storm  cabel  sasser  caller  id  spoofing  matt  haughey  metafilter  panic  inc.  phone  phishing  slack  vishing 
october 2018 by jonerp
Supreme Court: Police Need Warrant for Mobile Location Data
"The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies."
a  little  sunshine  the  coming  storm  3cinteractive  4th  amendment  amy  howe  at&t  carpenter  v.  united  states  electronic  frontier  foundation  jennifer  lynch  locationsmart  securus  technologies 
june 2018 by jonerp

Copy this bookmark:

to read